b333a3313b8dd85dd55945e657961d2854d5d9687b585fffc7360bbac87d19a3 | Triage

Sharing

General

Target

b333a3313b8dd85dd55945e657961d2854d5d9687b585fffc7360bbac87d19a3
Size

109KB
Sample

221124-zcc7dsgf63
MD5

394552a4f1b116ccd5825a5f27928435
SHA1

eb19a98f59c0a17bd09f04d618743c5365292fdb
SHA256

b333a3313b8dd85dd55945e657961d2854d5d9687b585fffc7360bbac87d19a3
SHA512

ca4ad388fed404794287443ed768e913624454e2acbd2b0b5b7b34ea9c3e081e874478f165b23ea6444a1fe53af5e80fdb12be4482f441810ff9e2697c293397
SSDEEP

1536:WwHTYXvGC2Ek61ZNe2cIBGh90nEmhOZOEpn1qtMyO895bbdSCMhr/GXK9BvKXvE9:JTY/5k6fEnxS9Rbdcr/GzXTM

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  b333a3313b8dd85dd55945e657961d2854d5d9687b585fffc7360bbac87d19a3
- Size
  
  109KB
- MD5
  
  394552a4f1b116ccd5825a5f27928435
- SHA1
  
  eb19a98f59c0a17bd09f04d618743c5365292fdb
- SHA256
  
  b333a3313b8dd85dd55945e657961d2854d5d9687b585fffc7360bbac87d19a3
- SHA512
  
  ca4ad388fed404794287443ed768e913624454e2acbd2b0b5b7b34ea9c3e081e874478f165b23ea6444a1fe53af5e80fdb12be4482f441810ff9e2697c293397
- SSDEEP
  
  1536:WwHTYXvGC2Ek61ZNe2cIBGh90nEmhOZOEpn1qtMyO895bbdSCMhr/GXK9BvKXvE9:JTY/5k6fEnxS9Rbdcr/GzXTM
Score

8^/10

evasion persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence